package com.lq.JDBC;

import com.lq.JDBC.Utils.DBUtils;

import java.sql.*;
import java.util.Scanner;

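/**
 * Console login demo showing the injection-safe form of a credential lookup.
 *
 * <p>Reads a username and password from stdin and looks the pair up in the
 * {@code user} table through a {@link PreparedStatement} with bound parameters,
 * so the user-supplied text is never spliced into the SQL string. The query
 * template (which contains no user input) is echoed to stdout before running.
 *
 * <p>NOTE(review): the password is bound verbatim and compared by the database,
 * which only works if the stored value is the same plaintext; if the schema
 * stores a password hash, the hash has to be computed here instead — confirm
 * against the {@code user} table definition.
 */
public class SqlInjection {

    /** Parameterized lookup; both placeholders are bound with setString, never concatenated. */
    private static final String LOGIN_SQL =
            "select id,username,password from `user` where username = ? and password = ?";

    /**
     * Entry point: prompts for credentials and prints whether a matching row exists.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // Closing the Scanner also closes System.in, which is fine at the end of main.
        try (Scanner scanner = new Scanner(System.in)) {
            System.out.println("请输入用户名：");
            String username = scanner.nextLine();
            System.out.println("请输入密码：");
            String password = scanner.nextLine();

            System.out.println(LOGIN_SQL);
            boolean matched = credentialsMatch(username, password);
            if (matched) {
                System.out.println("用户：" + username + "，登陆成功！");
            } else {
                System.out.println("用户：" + username + "，登陆失败！");
            }
        }
    }

    /**
     * Runs the parameterized lookup and reports whether at least one row matched.
     *
     * <p>Connection, statement and result set are closed by try-with-resources in
     * reverse order of creation, including when the query throws.
     *
     * @param username value bound to the first placeholder
     * @param password value bound to the second placeholder
     * @return {@code true} if the query returned at least one row; {@code false}
     *         if it returned none or a {@link SQLException} occurred (the
     *         exception is printed to stderr, matching the original demo)
     */
    private static boolean credentialsMatch(String username, String password) {
        try (Connection conn = DBUtils.getConnection();
             PreparedStatement statement = conn.prepareStatement(LOGIN_SQL)) {
            statement.setString(1, username);
            statement.setString(2, password);
            try (ResultSet resultSet = statement.executeQuery()) {
                return resultSet.next();
            }
        } catch (SQLException e) {
            // Demo program without a logger: keep the stack trace visible on stderr.
            e.printStackTrace();
            return false;
        }
    }
}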
